RE: SSH accepts protocol version 1.99

• Previous message: Chris Odell: "RE: SSH accepts protocol version 1.99"
• Maybe in reply to: Bennett R. Samowich: "SSH accepts protocol version 1.99"
• Next in thread: Darren Tucker: "Re: SSH accepts protocol version 1.99"
• Reply: Darren Tucker: "Re: SSH accepts protocol version 1.99"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 19 Aug 2003 14:15:44 -0400
To: <chris@redstarnetworks.net>

Yes, it was through nessus. I also confirmed it by setting PuTTY to use
protocol version 1 and it still connected. I couldn't find any mention
of disabling version 1 (except for the Protocol config option). Is it
possible that this is a bug?

- Bennett

-----Original Message-----
From: Chris Odell [mailto:chris@redstarnetworks.net]
Sent: Tuesday, August 19, 2003 2:02 PM
To: Bennett R. Samowich; secureshell@securityfocus.com
Subject: RE: SSH accepts protocol version 1.99

  Where your findings via "Nessus"? I was wondering the same after I
removed everything except for version 2 from the config and was
presented with the same results.

Chris Odell

-----Original Message-----
From: Bennett R. Samowich [mailto:brs@fsproduce.com]
Sent: Monday, August 18, 2003 1:45 PM
To: secureshell@securityfocus.com
Subject: SSH accepts protocol version 1.99

Greets,

During an audit we discovered that our SSH daemons allowed protocols
1.99 and 2.0. We have the line "Protocol 2" in the config file which I
thought would cause sshd to only allow protocol 2.0.

Is this true or am I missing something else?

Thanks in advance,
- Bennett

• Previous message: Chris Odell: "RE: SSH accepts protocol version 1.99"
• Maybe in reply to: Bennett R. Samowich: "SSH accepts protocol version 1.99"
• Next in thread: Darren Tucker: "Re: SSH accepts protocol version 1.99"
• Reply: Darren Tucker: "Re: SSH accepts protocol version 1.99"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]